How Does Email Encryption Work?

July 7, 2020

1:00-2:00AM PST

Are you wondering how email encryption works? Most people do not encrypt their email, assuming their firewall will protect them from hackers and cybercriminals on the internet. The problem is that once an email leaves your network, it is no longer behind your firewall at all: it passes through, and is stored on, servers you do not control. Encrypting the message itself is the only way to keep its contents protected after it leaves your network, but the idea can sound complicated and difficult. So how does email encryption work? Let's explore what end-to-end email encryption is, how it works, and why you should be using it.

What is end-to-end email encryption?

End-to-end email encryption is a method of sending email in which the message is encrypted so that only the sender and the intended recipient can read it. Here is how it works: the sender's client encrypts the message before it is sent, and only the recipient's client can decrypt it. Nothing in between, including the mail servers that relay and store the message, ever sees the plaintext. Encryption by itself provides confidentiality; protection against tampering comes from authenticated encryption or from a digital signature added by the sender, which is why the two are normally used together.

What is not end-to-end email encryption?

Let's take a look at what is not end-to-end email encryption, to give you a better idea of what it does and why end-to-end encryption is better than relying solely on your email provider.


Someone with a Yahoo account sends a message to someone using a Gmail account. If both providers support SMTP over TLS (STARTTLS), the message is encrypted on the wire between the two servers. This is a good start for email security, but it is not the complete solution to email privacy that it is sometimes claimed to be. STARTTLS is usually opportunistic: if the receiving server does not offer it, or an attacker on the path strips the offer, most sending servers fall back to plaintext rather than refuse delivery (MTA-STS and DANE exist to close that gap, but adoption is partial). And even when TLS is negotiated, it protects only the hop between the two servers. Each provider holds the message in plaintext, so it can still be read, logged, and altered on the servers themselves.


When you open your Gmail inbox, the address bar shows HTTPS, meaning TLS (often still called SSL) protects the connection between your browser and Google's servers. This is transport encryption, not message encryption: it involves no S/MIME and no per-message keys, and the certificate it relies on is issued by a certificate authority to the website, not to you. TLS is now standard on most websites because it prevents eavesdropping and tampering on the network path; it does nothing against malware. While Gmail encrypts the connection, the message itself is decrypted on Google's servers, where the provider, and anyone who compromises your account or its systems, can read it.

How does end-to-end email encryption work?

Now that we know what end-to-end encryption does not do, we can better examine how it works.

Both the sender and the recipient need a pair of cryptographic keys: one public, one private. The sender uses the recipient's public key to encrypt the message on their own device, and the recipient decrypts it on their device with the matching private key. In practice the public key does not encrypt the body directly: the client generates a fresh random symmetric key for the message, encrypts the body with it, and encrypts only that small key with the recipient's public key. Public-key operations are slow and size-limited, so this hybrid construction is how S/MIME and OpenPGP work as well.

Here is a simpler way to look at the process:

  1. Fred (sender) and Bill (recipient) each generate a key pair on their own device and exchange only their public keys; the private keys never leave their devices.
  2. Fred encrypts the email with Bill's public key and sends it to Bill.
  3. Bill receives the email and decrypts it with his private key.
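The three steps above, carried out in code. This is an added example and not code from the original page or from Trustifi; it uses only Go's standard library, and the addresses and message text are made up for the demonstration. Bill's public key wraps a fresh AES-256-GCM content key (RSA-OAEP), the content key encrypts the body, and the block then shows the two things the text claims: a relay server holding only its own key cannot read the mail, and a single flipped byte in transit is detected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedMail is what actually travels through the mail servers.
// Only the holder of the recipient's private key can unwrap the content key.
type EncryptedMail struct {
	WrappedKey []byte // AES content key encrypted with the recipient's RSA public key (OAEP)
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-GCM ciphertext followed by the authentication tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is Fred's side (step 2): encrypt the body with a fresh random content key,
// then wrap that key with Bill's public key.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*EncryptedMail, error) {
	contentKey := make([]byte, 32)
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedMail{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is Bill's side (step 3). Any other private key fails at the unwrap step,
// and any modification of the ciphertext fails the GCM tag check.
func Open(recipientPriv *rsa.PrivateKey, m *EncryptedMail) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, m.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap content key: not the recipient's private key")
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message was tampered with in transit")
	}
	return pt, nil
}

func main() {
	// Step 1: Bill generates his key pair; only the public half is ever shared.
	bill, _ := rsa.GenerateKey(rand.Reader, 2048)
	// A key held by a relay server, to show it cannot read the message.
	relay, _ := rsa.GenerateKey(rand.Reader, 2048)

	// Step 2: Fred encrypts with Bill's public key (constructed sample message).
	msg, _ := Seal(&bill.PublicKey, []byte("Bill, the new bank details are ..."))

	// Step 3: Bill decrypts with his private key.
	pt, err := Open(bill, msg)
	fmt.Printf("bill reads: %q (err=%v)\n", pt, err)

	// The relay sees only ciphertext and cannot unwrap the content key.
	_, err = Open(relay, msg)
	fmt.Println("relay attempt:", err)

	// A byte changed in transit is caught by the authentication tag.
	msg.Ciphertext[0] ^= 0x01
	_, err = Open(bill, msg)
	fmt.Println("tampered copy:", err)
}
```

Fred's own key pair is not needed for encrypting; it comes into play only when he signs the message, which is a separate operation.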

How are public keys made public?

Keys are generated by their owner, not by the CA. A certificate/certification authority (CA) is a trusted third party that issues digital certificates: it checks that the person requesting a certificate controls the email address in question, then signs a certificate that binds that address to the owner's public key. The CA, together with the directories, client software and revocation services around it, forms the public key infrastructure (PKI). The CA only ever sees the public key; it plays no part in creating, certifying or storing the private key.

The certificate, which contains the public key, is returned to the owner and may be published in a public directory. The private key stays with the owner and is available nowhere else.

With the certificate, anyone can send the owner an end-to-end encrypted message. A sender's client can fetch it from the directory, which can usually be searched by name or email address, or the owner can simply send it. Either way the sender's client should check that the certificate chains to a CA it trusts, that it names the expected address, and that it has not expired or been revoked; if the key arrived by a channel that cannot be verified, compare its fingerprint out of band, because an attacker who substitutes their own key can read everything sent to it. Note that encryption by itself does not stop phishing; that protection comes from verified signatures, which tie a message to the sender's key rather than to a From address that anyone can spoof.

Advantages of End-to-End email Encryption

Privacy is one of the biggest advantages of using end-to-end email encryption. The body of every email you send, along with its attachments, is hidden from everyone except the person you are sending it to, including the mail providers on both ends. Bulk interception of traffic in transit yields nothing readable. Be clear about what stays visible, though: the sender and recipient addresses, the timing, and usually the subject line are not encrypted, so end-to-end encryption hides what you said, not that you communicated. It lets you protect sensitive content such as a social security number or bank account details; secrets like passwords are still better shared through a channel built for that purpose.

Security is the other big advantage of using end-to-end email encryption. It can be combined with digital signing, which lets the recipient verify that a message really came from you and not from an attacker spoofing your address to deliver malware. A signature also provides integrity: if any part of the signed message is altered after you sign it, verification fails, so the recipient knows the message was tampered with rather than silently acting on a modified copy.
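Signing and verification, as an added example that is not code from the original page or from Trustifi. It uses Ed25519 from Go's standard library (S/MIME and OpenPGP use other algorithms, but the check is the same in shape); the addresses and invoice text are constructed for the demonstration. The signature covers the From and To headers as well as the body, so the block shows three outcomes: a genuine message verifies, an altered body fails, and a message signed by Mallory under Fred's address fails against Fred's public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMail carries the message together with the sender's signature.
type SignedMail struct {
	From, To, Body string
	Signature      []byte
}

// canonical is the exact byte string that gets signed. Including the headers
// means an attacker cannot re-use a real signature under a different From or To.
func canonical(from, to, body string) []byte {
	return []byte("From: " + from + "\r\nTo: " + to + "\r\n\r\n" + body)
}

// Sign is done on the sender's device with the sender's private key.
func Sign(senderPriv ed25519.PrivateKey, from, to, body string) SignedMail {
	return SignedMail{
		From: from, To: to, Body: body,
		Signature: ed25519.Sign(senderPriv, canonical(from, to, body)),
	}
}

// Verify is done on the recipient's device with the public key it already
// holds for the claimed sender; the From header alone proves nothing.
func Verify(senderPub ed25519.PublicKey, m SignedMail) bool {
	return ed25519.Verify(senderPub, canonical(m.From, m.To, m.Body), m.Signature)
}

func main() {
	fredPub, fredPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader)

	// Constructed sample message.
	m := Sign(fredPriv, "fred@example.com", "bill@example.com", "Please pay invoice 42 to account A.")
	fmt.Println("genuine message verifies:", Verify(fredPub, m))

	// Altered in transit: the signature no longer matches the content.
	tampered := m
	tampered.Body = "Please pay invoice 42 to account B."
	fmt.Println("tampered message verifies:", Verify(fredPub, tampered))

	// Spoofed: Mallory signs with her own key but claims to be Fred.
	forged := Sign(malloryPriv, "fred@example.com", "bill@example.com", "Please pay invoice 42 to account B.")
	fmt.Println("forged message verifies:", Verify(fredPub, forged))
}
```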

Final Thoughts

This type of email encryption has been around for years, but it has a fairly low adoption rate. One reason is that many mainstream email providers rely on ads and on mining their users' data, which end-to-end encryption makes impossible. Another is that it prevents governments from monitoring communications. The final reason is that it can be hard to use or understand until you get comfortable with it, and it can be hard to implement.

No matter what security you have in place on your computer, email is still one of the most vulnerable areas to attack. Without end-to-end email encryption, your emails can be intercepted by hackers and scammers, which is especially bad if you have sensitive information in those messages. Sending an unencrypted email with sensitive information in it can be the equivalent of writing that information on a postcard and mailing it. Anyone can see it as it travels, and then that important information is in the wrong hands. This is bad for both personal and business reasons.

It is important to keep in mind that decryption produces plaintext. Once an email has been decrypted and saved, exported or forwarded in that form, its contents are as exposed as any unencrypted file. Depending on how sensitive the information is, keep the stored copy encrypted (most clients decrypt on view rather than rewriting the mailbox, but check yours), re-encrypt anything you save elsewhere, and do not forward decrypted text to others without encrypting it again.

Trustifi offers a number of email security services, including email encryption. Contact us today to get started making your inbox more secure with email encryption.
